Slack Connection Error
unl1k3ly opened this issue · comments
Hi,
I tried to connect notification through slack, but I've been getting this error:
Error: missing_scope
at exec (/home/ubuntu/bXSS/node_modules/slack/src/_exec.js:11:15)
at Object._execWithToken (/home/ubuntu/bXSS/node_modules/slack/src/_factory.js:31:16)
at Object.exports.send (/home/ubuntu/bXSS/server/utilities/services/slack.js:14:16)
at reporters.forEach.svc (/home/ubuntu/bXSS/server/controllers/xss.js:21:32)
at Array.forEach (<anonymous>)
at reportToUtilities (/home/ubuntu/bXSS/server/controllers/xss.js:21:13)
at exports.capture (/home/ubuntu/bXSS/server/controllers/xss.js:56:3)
at Layer.handle [as handle_request] (/home/ubuntu/bXSS/node_modules/express/lib/router/layer.js:95:5)
at next (/home/ubuntu/bXSS/node_modules/express/lib/router/route.js:137:13)
at Route.dispatch (/home/ubuntu/bXSS/node_modules/express/lib/router/route.js:112:3)
at Layer.handle [as handle_request] (/home/ubuntu/bXSS/node_modules/express/lib/router/layer.js:95:5)
at /home/ubuntu/bXSS/node_modules/express/lib/router/index.js:281:22
at Function.process_params (/home/ubuntu/bXSS/node_modules/express/lib/router/index.js:335:12)
at next (/home/ubuntu/bXSS/node_modules/express/lib/router/index.js:275:10)
at urlencodedParser (/home/ubuntu/bXSS/node_modules/body-parser/lib/types/urlencoded.js:91:7)
at Layer.handle [as handle_request] (/home/ubuntu/bXSS/node_modules/express/lib/router/layer.js:95:5)
All required is the Slack Bot API + #channel
in the config file ?
Cherrs
Yes,
Example:
config.slack.token = process.env.slackToken || 'xoxb-token-token';
config.slack.channel = process.env.slackChannel || 'general';
I'm getting:
Error: missing_scope
at exec (/home/ubuntu/bXSS/node_modules/slack/src/_exec.js:11:15)
at Object._execWithToken (/home/ubuntu/bXSS/node_modules/slack/src/_factory.js:31:16)
at Object.exports.send (/home/ubuntu/bXSS/server/utilities/services/slack.js:14:16)
at reporters.forEach.svc (/home/ubuntu/bXSS/server/controllers/xss.js:21:32)
at Array.forEach (<anonymous>)
at reportToUtilities (/home/ubuntu/bXSS/server/controllers/xss.js:21:13)
at exports.capture (/home/ubuntu/bXSS/server/controllers/xss.js:56:3)
at Layer.handle [as handle_request] (/home/ubuntu/bXSS/node_modules/express/lib/router/layer.js:95:5)
at next (/home/ubuntu/bXSS/node_modules/express/lib/router/route.js:137:13)
at Route.dispatch (/home/ubuntu/bXSS/node_modules/express/lib/router/route.js:112:3)
at Layer.handle [as handle_request] (/home/ubuntu/bXSS/node_modules/express/lib/router/layer.js:95:5)
at /home/ubuntu/bXSS/node_modules/express/lib/router/index.js:281:22
at Function.process_params (/home/ubuntu/bXSS/node_modules/express/lib/router/index.js:335:12)
at next (/home/ubuntu/bXSS/node_modules/express/lib/router/index.js:275:10)
at urlencodedParser (/home/ubuntu/bXSS/node_modules/body-parser/lib/types/urlencoded.js:91:7)
at Layer.handle [as handle_request] (/home/ubuntu/bXSS/node_modules/express/lib/router/layer.js:95:5)
Maybe would be better is rather than take a token, we phrase an incoming hook url ? That would be easier to implement isn't ?
Let me investigate.
Its giving you a warning about scope, which means you didn't give it the correct permissions.
https://api.slack.com/scopes/chat:write
https://api.slack.com/scopes/channels:read
Slack permissions required channels:read and chat:write
It looks like this is a legacy way of doing it now, so maybe i need to re-write that part of the application.
Okay! Ive figg it out what was causing the issue... it turns out i needed private:channel permission since the bot was in a private channel. Problem solved!
Mate, perhaps, we can try to use some ideas of https://github.com/mazen160/xless. bxss is missing some data as well as screenshot module.
Its a awesome project as i said! Well done.
Cheers
I see, glad you were able to resolve it.
Those improvements are in the pipeline of issues that have been created to in attempts to make this a great project.
I have been pretty busy recently, but trying to get motivation to finish outstanding work on payload generation, then i will move to refactoring the XSS payload itself